>From the JS in the sidebar, I can get the value of
content.document.title, but how do I get the value of
content.document.someJavaScriptVariable?
Thanks!
You could use the windowmediator to get the main window.
const windowMediatorIID = Components.interfaces.nsIWindowMediator;
const windowMediator =
Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(windowMediatorIID);
const topWin = windowMediator.getMostRecentWindow("navigator:browser");
winTitle = topWin.document.title
And in case you missed it, global vars are properties of |window|, not
|document|.
Nickolay
>I want my sidebar to check the page being loaded in the main window and check for the value of specific JavaScript variables.
>
>
This can be accomplished via the |wrappedJSObject| property, but note
that despite the documentation I was reading claiming that it is only
unsafe to try to write the value of specific JavaScript variables, I
would avoid reading them too.
--
Warning: May contain traces of nuts.
>> I want my sidebar to check the page being loaded in the main window and
>> check for the value of specific JavaScript variables.
>> >From the JS in the sidebar, I can get the value of
>> content.document.title, but how do I get the value of
>> content.document.someJavaScriptVariable?
> You could use the windowmediator to get the main window.
Err, he already *has* the main window. (content is magic).
Phil
--
Philip Chee <phi...@aleytys.pc.my>, <phili...@gmail.com>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
[ ]ERROR: Unable to come up with a good tagline.
* TagZilla 0.059
var winWrapper = new XPCNativeWrapper(content);
var jso = winWrapper.wrappedJSObject;
alert("someJavaScriptVariable = ["+jso.someJavaScriptVariable+"]");
Actually, just:
alert(content.wrappedJSObject.someJSVar);
but it is not recommended to do this on random webpages due to
security concerns.
Nickolay
>
> Nickolay Ponomarev wrote:
> > On 22 Nov 2006 19:33:45 -0800, S.Hamel <sham...@gmail.com> wrote:
> > > I want my sidebar to check the page being loaded in the main window and
> > > check for the value of specific JavaScript variables.
> > >
> > > >From the JS in the sidebar, I can get the value of
> > > content.document.title, but how do I get the value of
> > > content.document.someJavaScriptVariable?
> > >
> > http://developer.mozilla.org/en/docs/XPCNativeWrapper
> >
> > And in case you missed it, global vars are properties of |window|, not
> > |document|.
> >
> > Nickolay
>
> _______________________________________________
> dev-extensions mailing list
> dev-ext...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-extensions
>
> This can be accomplished via the |wrappedJSObject| property, but note
> that despite the documentation I was reading claiming that it is only
> unsafe to try to write the value of specific JavaScript variables, I
> would avoid reading them too.
Can you explain, why? What other way would there be to read a specific
JS var?
Thanks,
Dirk
>Neil,
>
>>This can be accomplished via the |wrappedJSObject| property, but note that despite the documentation I was reading claiming that it is only unsafe to try to write the value of specific JavaScript variables, I would avoid reading them too.
>>
>>
>Can you explain, why?
>
Fortunately I don't know the details of any relevant exploits. Obviously
an exploit is less likely if you check the page location first
(particularly if you limit it to a secure web site).
OK. In my case, I just check a variable, which will have some kind of
user_id (used by a blog counter, that users can install from my site).
I read that variable to let the user go to the profil page of that
user_id. The extension is just a shortcut for clicking the profil
button on the webpage. And there are some "invisible" buttons, so the
extension will give access to that users profil page through the
extension.
The profil is public anyway, so I don't really care about the content
of the JS variable.
Does this sound "safe"? You can have a look at the counter-code in the
source of http://olbertz.de/blog . Search for "blogscout" to see the
variable "blogcounter_client_id". When clicking on the extions icon,
the user is redirected to
http://blogscout.de/info/profil/<blogcounter_client_id>.
Thanks,
Dirk
>The profil is public anyway, so I don't really care about the content of the JS variable.
>
>
That's not the problem. Ideally you need to ensure that nothing bad
happens to your users if they click your button when visiting
http://malicious.site/
OK. Thanks. So I will make sure the content is "well-formed" and does
not contain characters that I forbid to be there, when it's a regular
counter-code.
Regards,
Dirk